Palo Alto Networks PCNSA Online Practice Questions and Exam Preparation

Palo Alto Networks PCNSA Online Questions & Answers

• Question 341:

  

  Given the detailed log information above, what was the result of the firewall traffic inspection?

  A. It was blocked by the Vulnerability Protection profile action.
  B. It was blocked by the Anti-Virus Security profile action.
  C. It was blocked by the Anti-Spyware Profile action.
  D. It was blocked by the Security policy action.
  C. It was blocked by the Anti-Spyware Profile action.

• Question 342:

  Given the image, which two options are true about the Security policy rules. (Choose two.)

  

  A. The Allow Office Programs rule is using an Application Filter
  B. In the Allow FTP to web server rule, FTP is allowed using App-ID
  C. The Allow Office Programs rule is using an Application Group
  D. In the Allow Social Networking rule, allows all of Facebook's functions
  A. The Allow Office Programs rule is using an Application Filter
  D. In the Allow Social Networking rule, allows all of Facebook's functions

• Question 343:

  Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

  A. Active Directory monitoring
  B. Windows session monitoring
  C. Windows client probing
  D. domain controller monitoring
  D. domain controller monitoring

  ---

  Explanation/Reference:

• Question 344:

  Where within the firewall GUI can all existing tags be viewed?

  A. Network > Tags
  B. Monitor > Tags
  C. Objects > Tags
  D. Policies > Tags
  C. Objects > Tags

  ---

  Explanation/Reference:

  Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-tags-to-group-and-visually-distinguish-objects/create-and-apply-tags

• Question 345:

  Review the screenshot below. Based on the information it contains, which protocol decoder will detect a machine-learning match, create a Threat log entry, and permit the traffic?

  

  A. smb
  B. imap
  C. ftp
  D. http2
  B. imap

  ---

  Explanation/Reference:

  HTTP/2 has allow which does not create a log-entry

• Question 346:

  Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.

  Complete the security policy to ensure only Telnet is allowed.

  Security Policy: Source Zone: Internal to DMZ Zone __________services "Application defaults", and action = Allow

  A. Destination IP: 192.168.1.123/24
  B. Application = `Telnet'
  C. Log Forwarding
  D. USER-ID = `Allow users in Trusted'
  B. Application = `Telnet'

• Question 347:

  Which two configurations does an administrator need to compare in order to see differences between the active configuration and potential changes if committed? (Choose two.)

  A. Device state
  B. Active
  C. Candidate
  D. Running
  C. Candidate
  D. Running

• Question 348:

  What are the requirements for using Palo Alto Networks EDL Hosting Sen/ice?

  A. any supported Palo Alto Networks firewall or Prisma Access firewall
  B. an additional subscription free of charge
  C. a firewall device running with a minimum version of PAN-OS 10.1
  D. an additional paid subscription
  A. any supported Palo Alto Networks firewall or Prisma Access firewall

• Question 349:

  Identify the correct order to configure the PAN-OS integrated USER-ID agent.

  1.

  create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent

  2.

  define the address of the servers to be monitored on the firewall

  3.

  add the service account to monitor the server(s)

  4.

  commit the configuration, and verify agent connection status

  A. 2-3-4-1
  B. 1-4-3-2
  C. 3-1-2-4
  D. 1-3-2-4
  D. 1-3-2-4

• Question 350:

  Which two security profile types can be attached to a security policy? (Choose two.)

  A. antivirus
  B. DDoS protection
  C. threat
  D. vulnerability
  A. antivirus
  D. vulnerability